On Fri, May 23, Thorsten Kukuk wrote:
> On Fri, May 23, Frankie Boy wrote:
>> Hello!
>> Me and my friend started to develop a PAM module which moves the configuration-process responsibility from the system administrator to system users. Every system user is able to configure his own PAM module stack for authentication.
>
> Hm, isn't that a big security risk? This would allow a user to configure a very weak authentication schema, which allows a hacker to crack this account very fast ...
>
> Thorsten

Thanks for your reply. Yes, there is a possibility to create a weak authentication scheme, but it will allow a hacker to crack only the account of the user who created this schema! The module is targeted at advanced users; users that don't know of the module's existence will use the default configs.
Please note that in a system that uses passwords to verify users, a user might, for example, set his password the same as his user name, or send his password to someone.
When a user is allowed to configure a whole stack of modules instead of a password, there are of course more ways to hack the user's account. But with more flexibility we require more responsibility. As I was saying, this is targeted at users that know what they are doing and will do it on their own responsibility.
This is also described on the SourceForge site.

Best regards, hope I am clear,
Franciszek Wawrzak

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list